Twitter says security flaw may have exposed Android users’ direct messages

Twitter on Wednesday disclosed a new security vulnerability that may have exposed the direct messages of users who access the service using Android devices. 

Specifically, the vulnerability could have exposed the private data of Twitter users running devices with Android OS versions 8 and 9, the company said. 

“This vulnerability could allow an attacker, through a malicious app installed on your device, to access private Twitter data on your device (like Direct Messages) by working around Android system permissions that protect against this,” the company said in a blog post. 

The new vulnerability comes just weeks after 130 of Twitter’s most notable users, including Elon Musk, Joe Biden and Bill Gates, had their accounts taken over by hackers as part of a bitcoin scam. Earlier this week, Twitter also disclosed that it expects to pay as much as $250 million to the Federal Trade Commission for using personal information users provided for security purposes to target advertising instead.

The company said there is no evidence that the Android vulnerability has been exploited by attackers. Regardless, Twitter said it has begun informing users who could have been vulnerable. The company has also updated its Android app to remove the vulnerability, and it is requiring anyone who may have been impacted to update their Twitter for Android app. Twitter said it is also identifying changes to its processes to better guard against issues like this. 

“Your privacy and trust is important to us and we will continue working to keep your data secure on Twitter,” the company said in its blog.